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TN THE CLAIMS 
Amended claims follow: 

(Currently Amended) A method of executing a risk-assessment scan with a variable 

timeout duration which is set based on network conditions, comprising: 

measuring network conditions in a network coupled between a source and a target; 

executing a risk-assessment scan on the target from the source; and 

performing a risk-assessment scan-related timeout prior to making a determination that 

the target is failing to respond to the risk-assessment scan; 

wherein the timeout includes a variable duration which is set as a function of the 

measured network conditions; 

wherein the risk-assessment scan is abandoned if the target fails to respond to the risk- 
assessment scan within the variable duration; 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions; 
whcroin the timeout in sot by th e following algorithm: 

gj^eaHtf iQ < or > P^^bHR^f^^ 
where: 

Rdefauifr^^efault r e sponse duration ? 

Racta ^- actual rosponoe duration ; 
default timeout value, 

y aefat 4.=- aetuol timeout valu e , 

F ~ deviation factor, and 

N ~ normalizing factor 
wherein the timeout is set utilizing a plurality of network co ndition probes that gather 
multiple network condition measurements on a single target; 

wherein the measured network conditions are measured for an entir e network segment on 
which a plurality of target components is located . 



PAGE9J19'RCVD AT 3/22/2006 4:42:01 PM [Eastwn Standard Tirnel 1 SVR:USPTO€FXRF-2/15* DN1S:27W300 * CSID:4089714660 1 DURATION (mm-ss):04^56 



'MAR. 22. 2006' 1:54PM ZILKA-KOTAB, PC 



NO. 2340 P. 10 



2. (Original) The method as recited in claim 1 , wherein the network conditions include 
latency associated with communication between the source and the target. 

3. (Original) The method as recited in claim 1, wherein measuring the network conditions 
includes transmitting a probe signal from the source to the target utilizing the network. 

4. (Original) The method as recited in claim 3, wherein the probe signal prompts the target 
to send a response signal to the source utilizing the network. 

5. (Original) The method as recited in claim 4, wherein measuring the network conditions 
further includes receiving the response signal from the target utilizing the network. 

6. (Original) The method as recited in claim 5, wherein measuring the network conditions 
further includes measuring a response duration between the transmission of the probe 
signal and the receipt of the response signal. 

7. (Original) The method as recited in claim 6, wherein the timeout is set as a function of 
the response duration. 

8. (Cancelled) 

9. (Cancelled) 

10. (Original) The method as recited in claim 1 3 wherein executing the risk-assessment scan 
includes executing a plurality of risk-assessment scan modules. 

1 1 . (Original) The method as recited in claim 1 0, wherein the timeout is performed for each 
of the risk-assessment scan modules. 

12. (Original) The method as recited in claim 1 , and further comprising storing a result of the 
measurement of the network conditions. 
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13. (Cancelled) 

14. (Currently Amended) A computer program product embodied on a computer readable 
medium for executing a risk-assessment scan with a variable timeout duration which is 
set based on network conditions, comprising: 

a) computer code for measuring network conditions in a network coupled between a source 
and a target; 

b) computer code for executing a risk-assessment scan on the target from the source; and 

c) computer code for performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to the risk-assessment scan; 

d) wherein the timeout includes a variable duration which is set as a function of the 
measured network conditions; 

e) wherein the risk-assessment scan is abandoned if the target fails to respond to the risk- 
assessment scan within the variable duration; 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions; 
wherein tho timeout i s sot - by tho following algorithm: 



tfRa ^ia < or > P cd^^bH^fe^^T 
wher e : 

Rdefeg^g- default resp e n s e duration ? 
Rasata p- actual respons e duration, 
^dsferff default timoout valu e , 
¥flfimai -~ actual timeout valn e? 
F ~ deviation factor, and 
N ~ normalizing factor 

f) wherein the timeout is set utiH *inp r a plurality of netwo rk condition probes that gather 
multiple network condition measurements on a single target; 
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6 ) wherein the measured network conditions are me asured for an entire fretwork segment on 
which a plurality of target components is located, 

1 5 . (Original) The computer program product as recited in claim 1 4, wherein the network 
conditions include latency associated with communication between the souxce and the 
target. 

16. (Original) The computer program product as recited in claim 14, wherein measuring the 
network conditions includes transmitting a probe signal from the source to the target 
utilizing the network. 

17. (Original) The computer program product as recited in claim 1 6, wherein the probe signal 
prompts the target to send a response signal to the source utilizing the network. 

18. (Original) The computer program product as recited in claim 1 7, wherein measuring the 
network conditions further includes receiving the response signal from the target utilizing 
the network. 

1 9. (Original) The computer program product as recited in claim 1 8, wherein measuring the 
network conditions further includes measuring a response duration between the 
transmission of the probe signal and the receipt of the response signal. 

20. (Original) The computer program product as recited in claim 1 9, wherein the timeout is 
set as a function of the response duration. 

21. (Cancelled) 

22. (Cancelled) 

23. (Original) The computer program product as recited in claim 1 4, wherein executing the 
risk-assessment scan includes executing a plurality of risk-assessment scan modules. 
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24, (Original) The computer program product as recited in claim 23, wherein the timeout is 
performed for each of the risk-assessment scan modules. 

25, (Original) The computer program product as recited in claim 14, and further comprising 
computer code for storing a result of the measurement of the network conditions. 



26. (Cancelled) 

27. (Original) The computer program product as recited in claim 14, wherein the network 
conditions are measured for a network segment, and the measured network conditions are 
used to set the timeout for a plurality of targets located on the network segment. 

28. (Currently Amended) A system embodied on a computer readable medium for executing 
a risk-assessment scan with a variable timeout duration which is set based on network 
conditions, comprising: 

a) logic for measuring network conditions in a network coupled between a source and a 

target; 

b) logic for executing a risk-assessment scan on the target from the source; and 

c) logic for performing a risk-assessment scan-related timeout prior to making a 
determination that the target is foiling to respond to the risk-assessment scan; 

d) wherein the timeout includes a variable duration which is set as a function of the 
measured network conditions; 

e) wherein the risk-assessment scan is abandoned if the target fails to respond to the risk- 
assessment scan within the variable duration; 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions; 
whoroin the tim e out is aet by tho following algorithm: 



tfRagm ^Q * or> R^ ^b^^^r 1 ^? 

else Tg aaaiJ^Fdgfwkh^^d 
where: 
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R&i^— default response duration, - 
Racfaoi -" actual response duration, 
^4^m -~ default timoout value, 
^gsad -" actual timoout value, 
F ~ deviation factor, and 
N - normalizing factor 

fi wherein the timeout is set utilizing a plurality of network condition probes that gather 
multi ple network condition measurements on a single target; 

wherein the measured network conditions are m e asured for an entire network segment on 
which a plurality of target components is located . 

29. (Currently Amended) A method of executing a risk-assessment scan with a variable 
timeout duration which is set based on network conditions, comprising: 

a) transmitting a probe signal from a source to a target utilizing a network, the probe signal 
prompting the target to send a response signal to the source utilizing the network; 

b) receiving the response signal from the target utilizing the network; 

c) measuring a response duration between the transmission of the probe signal and the 
receipt of the response signal; 

d) executing a risk-assessment scan including a plurality of risk-assessment scan modules; 

e) performing a risk-assessment scan-related timeout prior to making a determination that 
the target is failing to respond to each of the risk-assessment scan modules, wherein the 
timeout includes a variable duration which is set as a function of the response duration; 
and 

f) abandoning the risk-assessment scan modules if the target fails to respond to the risk- 
assessment scan modules within the variable duration; 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions; 
whoroin the timeout is got by the following algorithm: 



igRas ^S < or > I W^bHiWefetdrN^ 



PAGE 14/19 4 RCVD AT 3/22/2006 4:42:01 PM [Eastern Stantfard Time] * SVR:USPTO-EFXRF-2/15 * DNiS:2738300 * CS!D:4089714660 * DURATION (mm-ss):04-56 



HAR. 22. 2006* 1:55PM ZILKA-KQTAB, PC 



NO. 2340 P. 15 



-8- 

wher e* 

R&fitt^--dcfault response duration, 

Racfaai .- actual response duration, 
default timeout va l ue, 

^aeft^-- actual timoout value, 

F - deviation factor, and 

N ~ normalizing factor 
wherein the timeout is set utiJ i™? * plur ality of netwo rk condition probes that gather 
multiple network condition measurements on a single target: 
hi wherein the measured network conditions are measured for an entire network segment on 
which a plurality of target components is located . 

30. (Currently Amended) A computer program product embodied on a computer readable 
medium for executing a risk-assessment scan with a variable timeout duration which is 
set based on network conditions, comprising: 

a) computer code for transmitting a probe signal from a source to a target utilizing a 
network, the probe signal prompting the target to send a response signal to the source 
utilizing the network; 

b) computer code for receiving the response signal from the target utilizing the network; 

c) computer code for measuring a response duration between the transmission of the probe 
signal and the receipt of the response signal; 

d) computer code for executing a risk-assessment scan including a plurality of risk- 
assessment scan modules; 

e) computer code for performing a risk-assessment scan-related timeout prior to making a 
determination that the target is failing to respond to each of the risk-assessment scan 
modules, wherein the timeout includes a variable duration which is set as a function of 
the response duration; and 

f) computer code for abandoning the risk-assessment scan modules if the target fails to 
respond to the risk-assessment scan modules within the variable duration; 

wherein the timeout is set by adding a default value with a variable value which is set as a 
function of the measured network conditions; 
wherein th e timoout is set by th e following algorithm: 
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tfjtac^O ^ or > IWb^W^r 

whoro: 

R^fajt-- default response duration, 
Raauai .-- aotual response duration ? 

default timeout value, 
3nae6»i -" actual timoout value, 
F ~ deviation factor, and 
N ^ normalizing fa etog 
a) wherein the timeout is set util izing a plur ality of netwo rk condition probes that gather 

multi ple network condition measurements on a single target: 
K\ wherein the measured network conditions are measured for an entire network segment o n 
which a plurality of target components is located . 

31. (Cancelled) 

32. (Cancelled) 

33. (Cancelled) 

34. (Previously Presented) The method as recited in claim 1 , wherein the source is capable of 
reducing a latency of the risk-assessment scan by setting the variable duration to a 
minimal value, while avoiding the abandonment of vulnerable systems reachable over 
high latency networks by increasing the variable duration to accommodate such 
scenarios. 
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